package serversidepkg;

/*
 * To change this template, choose Tools | Templates
 * and open the template in the editor.
 */

import java.io.IOException;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import java.sql.*;
import backendpkg.DataSource;

/**
 *
 * @author lorenzo
 */
public class LoginServlet extends HttpServlet {

    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
    	
    	response.setHeader("Cache-Control","no-cache"); //Forces caches to obtain a new copy of the page from the origin server
    	response.setHeader("Cache-Control","no-store"); //Directs caches not to store the page under any circumstance
    	response.setDateHeader("Expires", 0); //Causes the proxy cache to see the page as "stale"
    	response.setHeader("Pragma","no-cache"); //HTTP 1.0 backward compatibility
    	
        HttpSession session = request.getSession();
        //initialize RequestDispatcher object; set forward to login page by default
        RequestDispatcher reqdisp = request.getRequestDispatcher("/login.jsp");
        
        //Get connection to database
        DataSource datasource = new DataSource();
        Connection conn = datasource.getConnection();

        //DB Query
        PreparedStatement statement;

        String query = "SELECT password FROM User WHERE username=?";
        String username = request.getParameter("username");
        String password = request.getParameter("password");

        try {
            statement = conn.prepareStatement(query);
            statement.setString(1, username);
            ResultSet result = statement.executeQuery();

            if(result.next()){
                if(result.getString("password").equals(password)){
                    //Set user status to online in database
                    query = "UPDATE User "
                            + "SET last_online=NOW() "
                            + "WHERE username=?";
                    statement = conn.prepareStatement(query);
                    statement.setString(1, username);
                    statement.executeUpdate();
                    
                    //Saves username string in the session object
                    session.setAttribute("username", username);
                    //execute login and redirect to Chat Window
                    reqdisp = request.getRequestDispatcher("/chatwindow.htm");
                }
            }else{
            	request.setAttribute("Error", "Invalid username or password."); 
            }
            reqdisp.forward(request, response);
            //Close connection
            conn.close();
            
        } catch (SQLException ex) {
            Logger.getLogger(LoginServlet.class.getName()).log(Level.SEVERE, null, ex);
        }

    }

}